rzyfront/vendix-backend
skills/vendix-backend/SKILL.md
NestJS backend patterns for Vendix domains, controllers, services, DTOs, scoped Prisma, auth/permissions, validation, and module registration. Trigger: When editing files in apps/backend/, creating modules, or working with Prisma.
$ install --global
skillsauthnpx skillsauth add rzyfront/vendix vendix-backendInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 16, 2026, 5:05 AM209.7s1 file scanned
SKILL.md
- name:
- vendix-backend
- description:
- >
- auth/permissions, validation, and module registration. Trigger:
- When editing files in
- license:
- MIT
- author:
- rzyfront
- version:
- 2.0
- scope:
- [root]
- auto_invoke:
- Editing files in apps/backend/, creating modules, or working with Prisma
Vendix Backend
Architecture
Backend code lives mainly under apps/backend/src/domains/, plus shared common/, prisma/, ai-engine/, and infrastructure modules. Do not create new feature folders under the old src/features/ pattern.
Common domain areas:
domains/superadmin/domains/organization/domains/store/domains/ecommerce/domains/auth/
Standard Module Shape
Follow existing domain folder conventions:
apps/backend/src/domains/<domain>/<module>/
<module>.module.ts
<module>.controller.ts
<module>.service.ts
dto/
Some established modules have nested submodules or shared services. Match the nearest existing pattern.
Prisma Services
Use the domain-appropriate Prisma service:
| Context | Service |
| --- | --- |
| superadmin/system | GlobalPrismaService |
| organization admin | OrganizationPrismaService |
| store admin/POS | StorePrismaService |
| ecommerce customer/public store | EcommercePrismaService |
If adding a new model, register it in scoped Prisma services before relying on automatic tenant filters. See vendix-prisma-scopes.
Controller Rules
- Controllers should stay thin: parse params, apply guards/decorators, call services.
- Use DTOs for request bodies and query payloads.
- Protect routes with the existing auth/permissions patterns where needed.
- Domain services own business logic and Prisma calls.
Validation And Errors
- Global
ValidationPipeis configured inmain.ts; use class-validator DTOs. - Use
VendixHttpExceptionand registeredErrorCodeswhere available. - Keep validation/business checks as early throws in services.
Commands
npm run prisma:generate -w apps/backend
npm run db:migrate:dev -w apps/backend
npm run db:migrate:prod -w apps/backend
npm run db:seed -w apps/backend
docker logs --tail 40 vendix_backend
Do not run destructive reset/clean commands unless explicitly requested.
Related Skills
vendix-prismavendix-prisma-scopesvendix-backend-authvendix-backend-apivendix-validationvendix-error-handling
Related Skills
rzyfront/mobile-dev
development
VerifiedTrustedCommunity
Mobile app development rules for Vendix Expo/React Native project. Trigger: When editing, creating, or modifying any file under apps/mobile, or when developing mobile-specific features.
5SKILL.mdUpdated May 29, 2026
rzyfront/vendix-subscription-gate
development
VerifiedTrustedCommunity
Feature gating by store subscription state: global store write guard, AI feature gate, Redis feature resolution, quota consumption, frontend paywall interceptor, banner, and subscription UI states. Trigger: When adding feature gates, paywalls, subscription-based access control, protecting store write operations, AI feature gates, or rollout flags.
5SKILL.mdUpdated May 16, 2026
rzyfront/vendix-saas-billing
testing
VerifiedTrustedCommunity
SaaS subscription billing for Vendix stores: plan pricing, invoices, Wompi platform payments, manual payments, partner commissions, payouts, proration, and dunning. Trigger: When creating SaaS invoices, working with partner rev-share, margin/surcharge pricing, invoice sequence allocation, partner payout batches, subscription payments, manual payments, or dunning flows.
5SKILL.mdUpdated May 16, 2026
rzyfront/vendix-redis-quota
development
VerifiedTrustedCommunity
Periodic quota counters with Redis, UTC period keys, Lua-based idempotent AI quota consumption, request-id deduplication, and post-success consumption. Trigger: When building quota counters, enforcing monthly/daily feature caps, or reusing AI quota patterns for uploads, emails, exports, or rate-limited features.
5SKILL.mdUpdated May 16, 2026